Severe Risk
IP 196.251.80.79 is a critical-risk address originating from Seychelles, linked to sustained SSH brute-force attacks detected through automated honeypot infrastructure, with a substantial volume of 261 abuse reports filed against this single endpoint between September and November 2025.
Recorded threat intelligence shows 20 of those reports specifically categorizing the malicious activity as SSH connection attempts, with the pattern flagged by fail2ban on the sshd service, indicating the traffic triggered authentication-failure thresholds on exposed servers. The address is announced under ASN AS401120, operated by CHEAPY-HOST, and all confirmed detections were generated by automated honeypot sensors rather than manual community submissions. Despite the high volume of historical reporting, the current activity frequency metric stands at zero, suggesting the aggressive scanning campaign may have subsided or shifted to alternative infrastructure, though the IP address remains a known threat vector with potential for reactivation.
SSH brute-force activity represents one of the most common initial-access vectors in server compromise, where threat actors systematically attempt credential pairs against publicly reachable sshd daemons to gain unauthorized entry. The real-world risk involves server takeovers, data exfiltration, deployment of persistence mechanisms or cryptocurrency miners, and use of compromised machines as pivots for further network intrusion. Even failed attempts consume server resources and serve as precursors to more sophisticated attacks if defenders do not implement layered authentication controls.
Operators with exposed SSH services should immediately block or rate-limit traffic from this address at the firewall level and deploy fail2ban so that sources of repeated authentication failures are banned automatically. Migrating to key-based authentication, disabling root login over SSH, changing the default port from 22, and enforcing strong password policies or account lockout thresholds are critical defensive measures that substantially reduce the attack surface for this and similar threat addresses.
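The fail2ban sshd-jail behaviour described above, reproduced as an added example that is not part of this report: it parses constructed sshd auth-log lines (the IP is the one reported on this page; the hostnames, usernames, the maxretry/findtime values and the nftables set name sshban are assumptions) and renders the block rule a defender would apply.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in the syslog format OpenSSH's sshd writes to the auth log.
# 196.251.80.79 is the address from the report; hosts, users and ports are made up.
SAMPLE_LOG = """\
Nov 12 03:14:01 bastion sshd[2311]: Failed password for root from 196.251.80.79 port 51022 ssh2
Nov 12 03:14:03 bastion sshd[2311]: Failed password for root from 196.251.80.79 port 51022 ssh2
Nov 12 03:14:05 bastion sshd[2314]: Invalid user admin from 196.251.80.79 port 51030
Nov 12 03:14:06 bastion sshd[2314]: Failed password for invalid user admin from 196.251.80.79 port 51030 ssh2
Nov 12 03:14:09 bastion sshd[2318]: Failed password for invalid user oracle from 196.251.80.79 port 51044 ssh2
Nov 12 03:14:11 bastion sshd[2320]: Failed password for root from 196.251.80.79 port 51050 ssh2
Nov 12 03:20:40 bastion sshd[2401]: Accepted publickey for deploy from 203.0.113.10 port 40211 ssh2
Nov 12 03:21:02 bastion sshd[2405]: Failed password for deploy from 203.0.113.10 port 40220 ssh2
"""

# Matches only authentication failures; "Invalid user" and "Accepted" lines are ignored.
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+ ssh2$"
)

def parse_failures(log, year=2025):
    """Yield (timestamp, source_ip, username) for each sshd password failure."""
    for line in log.splitlines():
        m = FAILED_RE.match(line)
        if m:  # syslog lines carry no year, so one is supplied
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["ip"], m["user"]

def find_bans(log, maxretry=5, findtime=timedelta(minutes=10)):
    """fail2ban-style rule: ban a source once it reaches maxretry failures
    inside a sliding window of length findtime. Returns {ip: ban_time}."""
    window = defaultdict(list)
    banned = {}
    for ts, ip, _ in parse_failures(log):
        if ip in banned:
            continue
        hits = [t for t in window[ip] if ts - t <= findtime] + [ts]
        window[ip] = hits
        if len(hits) >= maxretry:
            banned[ip] = ts
    return banned

def firewall_rules(banned):
    """nftables commands adding each banned IP to an assumed set 'sshban'
    in table 'inet filter' (the equivalent of fail2ban's ban action)."""
    return [f"nft add element inet filter sshban {{ {ip} }}" for ip in sorted(banned)]
```

With the defaults, the reported address is banned on its fifth failure at 03:14:11 while the single failure from 203.0.113.10 stays below the threshold.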